Home > Archive > PHP Programming > March 2004 > Reading unix group info and user info
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Reading unix group info and user info
|
|
|
| Hi,
Can someone please guide me as to how one reads group/user info of *nix
servers using PHP? Is it possible at all? I need to authenticate people
on a secure local website by looking at their group and user rights. Any
info would be of great help! thanks,
Steve
| |
| Gordon Burditt 2004-03-30, 8:33 pm |
| >Can someone please guide me as to how one reads group/user info of *nix
>servers using PHP? Is it possible at all? I need to authenticate people
>on a secure local website by looking at their group and user rights. Any
>info would be of great help! thanks,
Do you want to securely read the group/user permissions of a user
running on a client machine with PHP on a server machine, where the
two machines are different? This probably can't be done with
anything remotely resembling security, especially if it is possible
for the user running the client machine to boot one of the latest
viruses instead of unix. Essentially, the client can LIE and there's
not a whole lot the server can do about it, short of running something
like Kerberos.
Also, does having root permission on the client machine actually
MEAN anything to the server? I have root privileges on lots of
machines, not including those owned by any bank, and the bank server
really shouldn't be impressed by that fact.
Gordon L. Burditt
| |
| Terence 2004-03-30, 8:33 pm |
| Steve wrote:
> Hi,
>
> Can someone please guide me as to how one reads group/user info of *nix
> servers using PHP? Is it possible at all? I need to authenticate people
> on a secure local website by looking at their group and user rights. Any
> info would be of great help! thanks,
>
>
> Steve
>
Just to clarify, are you basically trying to authenticate people against
/etc/passwd ?
This might be more easily done with the web server if you are using apache.
http://www.apacheref.com/ref/mod_auth/AuthUserFile.html
http://httpd.apache.org/docs/mod/mod_auth.html
If you can achieve this, then you won't need to bother writing a
security module for your app. I think there are ways of extracting who
the user is logged in as from the apache environment variables. Check
the php manual. Then you can implement access control on your
application's resources from a database lookup or something. maybe:
$arrGroups = file("/etc/groups");
foreach($arrGroups AS $strGroup) { ...tokenizer... }
| |
|
|
Terence wrote:
> Steve wrote:
>
>
> Just to clarify, are you basically trying to authenticate people against
> /etc/passwd ?
>
> This might be more easily done with the web server if you are using apache.
>
> http://www.apacheref.com/ref/mod_auth/AuthUserFile.html
> http://httpd.apache.org/docs/mod/mod_auth.html
>
> If you can achieve this, then you won't need to bother writing a
> security module for your app. I think there are ways of extracting who
> the user is logged in as from the apache environment variables. Check
> the php manual. Then you can implement access control on your
> application's resources from a database lookup or something. maybe:
> $arrGroups = file("/etc/groups");
> foreach($arrGroups AS $strGroup) { ...tokenizer... }
>
Thanks a lot! This is what I was trying to do.. howerver, there's a
twist to the story. I now realize that I want to authenticate users
where the /etc/passwd file is on another server. I have root privileges
to that machine and I'm not sure what to do. I have LDAP running on that
server too. Should I use a combination of LDAP and PAM to do this?
Basically, I want people to enter their login and passwords on machine A
and I want machine A to look for the passwd files and their groups on
machine B. any suggestions? Thanks again,
Cheers,
Steve
|
|
|
|
|